feat: session checks with intent (#6031)

* feat: session checks with intent * feat: session checks with intent * fix: integration tests for intent session * fix: integration tests for intent session * fix merge * fix: integration tests for intent session --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 19:07:30 +00:00 · 2023-06-21 16:06:18 +02:00
parent c12d94f7d4
commit 1b5d6ce89e
29 changed files with 727 additions and 153 deletions
--- a/internal/crypto/crypto.go
+++ b/internal/crypto/crypto.go
@@ -2,6 +2,7 @@ package crypto

 import (
 	"database/sql/driver"
+	"encoding/base64"
 	"encoding/json"

 	"github.com/zitadel/zitadel/internal/errors"
@@ -132,3 +133,21 @@ func FillHash(value []byte, alg HashAlgorithm) *CryptoValue {
 		Crypted:    value,
 	}
 }
+
+func CheckToken(alg EncryptionAlgorithm, token string, content string) error {
+	if token == "" {
+		return errors.ThrowPermissionDenied(nil, "CRYPTO-Sfefs", "Errors.Intent.InvalidToken")
+	}
+	data, err := base64.RawURLEncoding.DecodeString(token)
+	if err != nil {
+		return errors.ThrowPermissionDenied(err, "CRYPTO-Swg31", "Errors.Intent.InvalidToken")
+	}
+	decryptedToken, err := alg.DecryptString(data, alg.EncryptionKeyID())
+	if err != nil {
+		return errors.ThrowPermissionDenied(err, "CRYPTO-Sf4gt", "Errors.Intent.InvalidToken")
+	}
+	if decryptedToken != content {
+		return errors.ThrowPermissionDenied(nil, "CRYPTO-CRYPTO", "Errors.Intent.InvalidToken")
+	}
+	return nil
+}